As Wikileaks continues to haemorrhage secrets that America would like to keep buried, there has been growing anger amongst Washington hawks asking why the world’s most powerful military cannot employ some of its considerable might to take the whistle-blowing website out.
Former vice-presidential candidate Sarah Palin led the charge today, calling on the US military to hunt Julian Assange “with the same urgency we pursue al-Qa'ida and Taliban leaders.” Although most US politicians have avoided advocating the assassination of Wikileaks’ founder, many have begun calling for cyber attacks on his website.
But taking down a well-protected cyber entity like Wikileaks is not as simple as bombing a runway or landing marines on a beachhead.
This week Wikileaks has been hit by two distributed denial-of-service (DDOS) attacks, a relatively common cyber assault which temporarily disables a website by flooding it with requests for information.
The first assault began on Sunday evening, just hours before the State Department cables were meant to go online. A lone US hacker who goes by the name of “Jester” claimed responsibility for the attack. There is little way of verifying that claim but Jester – who accused Wikileaks of “endangering the lives of our troops and other assets” – has launched similar-sized attacks on militant Islamist websites in the past.
The second attack, which hit earlier today, is reportedly much larger than the first and may keep Wikileaks offline for a while longer. But either way DDOS is only ever a temporary method to bring a website down.
When the DDOS attacks began Wikileaks gave us all a clue as to how it protects itself. It began shifting its website onto a host of back-up servers, some of which are cloud services run by Amazon out of Ireland and the United States.
It is assumed that Wikileaks also already has a host of mirror websites ready to roll in the event of its current online site going down.
“I’d be very surprised if they didn’t have some sort of disaster recovery plan lined up like any other commercial organisation with a prominent web presence,” says Rik Ferguson, a cyber-security expert at Trend Micro. “It is technologically possible to disrupt the Wikileaks website but all the measures are temporary at best and easily overcome.”
By giving media outlets access to its material in advance, Wikileaks also made the task of stopping the State Department leaks virtually impossible.
The simple fact remains that even with America’s immense cyber military might, a website like Wikileaks is incredibly hard to tackle.
Much has been written about the shadowy nature of Wikileaks itself, an ethereal organisation staffed predominantly by unnamed volunteers who are connected by little more than the web and a fervent belief that all information should be in the public domain.
But the lack of corporate structure is just the first line of a sophisticated defence which makes the website exceedingly well protected.
Until recently Wikileaks was predominantly hosted in Sweden by a “bulletproof” service provider called PRQ which, over the past decade, has become the favoured choice for a variety of political dissidents, activists and refugee groups who would be closed down if they hosted websites in their own countries. The company deliberately keeps no logs on its clientele and specialises in protecting websites against even the most sophisticated hacking techniques.
“If it is legal in Sweden”, PRQ states, “we will host it, and will keep it up regardless of any pressure to take it down.”
In recent weeks Wikileaks has moved from PRQ to a series of unknown servers, but you can bet the move has strengthened the walls surrounding the website rather than weakened them.
“We have been working on upgrading our systems with new servers in different countries,” explains Kristinn Hrafnsson, an Icelandic journalist and Wikileaks volunteer. “It’s an ongoing project. For obvious reasons I wouldn’t like to comment further than that.”
Any attack on the servers that host Wikileaks, meanwhile, could be construed as an attack against the country where they are based. The US government would likely have to seek permission from the host country before it attacks or else risk a major diplomatic fallout.
Then there are the mysterious “insurance files” that Wikileaks founder Julian Assange has encouraged supporters to download and store in case something happens to either him or his website.
The first file appeared earlier this summer, four days after the website published its famous Afghan war logs. A link to another file was released earlier this week on Twitter alongside the statement: “Now is a good time to download some ‘history insurance’”.
The contents of these files are currently encrypted. But as Assange remarked earlier this year in a pointed threat against any attempts to stifle his organisation: “All we have to do is release the password to that material and it’s instantly available.”
It’s a shrewd move. Were the US to succeed in permanently taking down the Wikileaks website, they could be faced with a potential Pandora’s Box of previously unpublished information that might make the current leaks look like a picnic.
“It could all be a very elaborate double bluff,” says one cyber-warfare specialist who asked to remain anonymous. “But knowing how deeply anti-American Wikileaks is, my hunch is those files would contain something that could really sting the US if they ever took action against Assange.”